News
Vulnerability-Lookup 4.3.0 released
We are pleased to announce the release of Vulnerability-Lookup 4.3.0! This release brings compliance with the updated GCVE BCP-03 specification (discussion), introducing a dedicated API endpoint for exposing GCVEs published by a local Vulnerability-Lookup instance. It also includes improvements to the GCVE feeder, email notification reliability fixes, and updated dependencies. What’s New GCVE Publication Endpoint A new /api/gcve/publication endpoint lets external consumers discover all GCVEs published by the local instance. This is the standard mechanism defined in the updated GCVE BCP-03 for federated vulnerability sharing between Vulnerability-Lookup deployments and GCVE-compatible tools. c931b95
March 27, 2026
VulnMCP 1.0.0 released
We are excited to share a new project we have been working on: VulnMCP. VulnMCP is an MCP server that brings vulnerability intelligence directly into AI clients, chat agents, and automated workflows. The idea is simple: make vulnerability analysis programmable, modular, and easily consumable by modern AI systems. With VulnMCP, you can: Query and explore vulnerabilities (via Vulnerability-Lookup) directly from your chat agent or editor. Classify vulnerability severity (in English and Chinese) using our fine-tuned NLP models. Predict CWE categories from descriptions. Guess the CPE based on one or more keywords from a vulnerability description. Explore KEV catalogs. Retrieve real-world sightings. Build and extend your own “skills” for automated security analysis. Have a look at the screencast below (with sound on!) featuring Claude Code. You will see how to retrieve information about a vulnerability using its CVE ID and classify its severity — all from your favorite AI chat agent.
March 25, 2026
cpe-guesser 2.0 released - Multi-Source CPE Imports, Better Ranking, and Greater Autonomy Beyond NVD
cpe-guesser 2.0 releasedOverview Version 2.0 brings major improvements to CPE import, ranking, and CVE v5 data handling. This release focuses on better import performance, broader format support, improved search relevance, and more robust indexing for vendor and product matching. A notable change in this release is that cpe-guesser is no longer limited to NVD as its only practical CPE source. In addition to the NVD feeds, it can also leverage the Vulnerability-Lookup dump available at https://vulnerability.circl.lu/dumps/, providing additional CPE sources and more autonomy from the previously NVD-only source model.
March 22, 2026
Vulnerability-Lookup 4.2.0 released
It is our honour to announce the release of Vulnerability-Lookup 4.2.0! This version brings a large number of new CSAF-based vulnerability advisory sources, improvements to the web interface, and several bug fixes. What’s New New CSAF-based sources As the number of GNA keeps growing and the interest around the GCVE-EU initiative increases, these UI improvements and filtering capabilities are becoming essential to efficiently explore the various available sources.
March 20, 2026
Vulnerability-Lookup 4.1.0 released
We are excited to announce the release of Vulnerability-Lookup 4.1.0! This version brings new features, improvements, and several bug fixes. What’s New Full-text search with Meilisearch You can now enable full-text search on your Vulnerability-Lookup instance. This new feature relies on Meilisearch and the Vulnerability-Lookup event-stream. The indexer subscribes to the appropriate topic and receives all new and updated vulnerabilities pushed through the Valkey event-stream. This is the event-stream used by FediVuln in order to push notifications from a Vulnerability-Lookup instance to the Fediverse.
March 10, 2026
Vulnerability Report - February 2026
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
March 2, 2026
Vulnerability Report - January 2026
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
February 18, 2026
Vulnerability-Lookup 4.0.0 released
We are pleased to announce the release of Vulnerability-Lookup 4.0.0 — a second major milestone at the beginning of this year. This version is paving the way for federated deployments of Vulnerability-Lookup instances. What’s New Remote Instance Synchronization There should have been a video here but your browser does not seem to support it. A local instance can now pull objects — including bundles, comments, sightings, and KEV entries (BCP-07) — from configured remote Vulnerability-Lookup instances via their public APIs.
February 16, 2026
Vulnerability-Lookup 3.0.0 released
We are glad to announce Vulnerability-Lookup 3.0.0. Our second release of 2026 is a major milestone, featuring GCVE-BCP-07 support. Now, every Vulnerability-Lookup instance can publish its own KEV catalog while integrating KEV feeds from CISA and ENISA. Let’s take a look at all the notable changes. What’s New GCVE-BCP-07: Known Exploited Vulnerabilities (KEV) Catalogs Integration There should have been a video here but your browser does not seem to support it. This release implements support for GCVE-BCP-07, enabling seamless integration with multiple Known Exploited Vulnerabilities (KEV) catalogs from different Global Numbering Authorities (GNAs). PR #310
February 2, 2026
Vulnerability-Lookup 2.21.0 released
We’re delighted to announce the release of Vulnerability-Lookup 2.21.0. This release brings several important improvements focused on search, data ingestion, and usability. What’s New Product-level indexing & search API Making it easier to explore vulnerabilities from a product-centric angle, without specifying a vendor name. (f906064) New CSAF feeder for Schneider Electric We have recently added a new CSAF feed for Schneider Electric. (e43fa03)
January 23, 2026